Harmonic Development


Spring Security and Spring Social Demo

I have received several requests for source code to go along with my previous posts about integrating Spring Social into a Spring MVC and Spring Security Web app. I’ve now posted a demo Web application to GitHub, which should be relatively easy to download and run.

http://github.com/sdouglass/spring-security-social

Hopefully this will be useful for folks. It has already been useful for me. While writing this I discovered some issues with how I had integrated Spring Social into my own applications previously. I’m either going to edit my previous posts, or perhaps make new follow-up posts, to cover what I am doing differently now.

To run the demo app, you will need to create your own applications on Twitter and Facebook:

https://dev.twitter.com/apps/new
https://developers.facebook.com/apps

You will need to create a file src/main/resources/spring-security-social.properties and set the following properties:

  • site.url - URL used in the OAuth process
  • social.crypto.password - password for encrypting/decrypting stored OAuth secrets
  • twitter.app.consumerKey - the consumer key for your Twitter application
  • twitter.app.consumerSecret - the consumer secret for your Twitter application
  • facebook.app.clientId - the client id for your Facebook application
  • facebook.app.clientSecret - the client secret for your Facebook application

With all that in place you should be able to run the app with “mvn jetty:run”.

This app supports the following features:

  • signing up by creating an account with a username and password
  • signing in with a username and password
  • new users signing in using Twitter or Facebook accounts
  • existing users signing in using Twitter or Facebook accounts
  • existing users connecting their Twitter and Facebook accounts to their local account
  • existing users disconnecting their Twitter and Facebook accounts from their local accounts

This app is set up to limit users to a one-to-one relationship between local accounts and social accounts from any provider. For example, you cannot link two Twitter accounts to your local account, and you cannot link your Twitter account to two local accounts. This is a subset of the functionality provided by Spring Social, which allows for many-to-many relationships between local and social accounts, but I think it addresses the most common use case.
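
One way to enforce the one-to-one rule described above, as an added example that is not code from the demo repository. The class name, method names and sample ids are hypothetical, an in-memory map stands in for the database, and records require Java 16 or later.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;

// Hypothetical in-memory registry; a real app would back this with unique database constraints.
public class OneToOneLinkRegistry {
    record SocialKey(String providerId, String providerUserId) {}
    record LocalKey(String localUserId, String providerId) {}

    private final Map<SocialKey, String> localBySocial = new HashMap<>();
    private final Map<LocalKey, String> socialByLocal = new HashMap<>();

    // Links a social account to a local account, rejecting both kinds of duplicate.
    public synchronized void connect(String localUserId, String providerId, String providerUserId) {
        SocialKey social = new SocialKey(providerId, providerUserId);
        LocalKey local = new LocalKey(localUserId, providerId);
        if (socialByLocal.containsKey(local)) {
            throw new IllegalStateException(localUserId + " already has a " + providerId + " account linked");
        }
        if (localBySocial.containsKey(social)) {
            throw new IllegalStateException("that " + providerId + " account is linked to another local account");
        }
        localBySocial.put(social, localUserId);
        socialByLocal.put(local, providerUserId);
    }

    public synchronized boolean disconnect(String localUserId, String providerId) {
        String providerUserId = socialByLocal.remove(new LocalKey(localUserId, providerId));
        if (providerUserId == null) return false;
        localBySocial.remove(new SocialKey(providerId, providerUserId));
        return true;
    }

    // Sign-in lookup: at most one local account can match a given social account.
    public synchronized Optional<String> findLocalUser(String providerId, String providerUserId) {
        return Optional.ofNullable(localBySocial.get(new SocialKey(providerId, providerUserId)));
    }

    public static void main(String[] args) {
        OneToOneLinkRegistry links = new OneToOneLinkRegistry();
        links.connect("alice", "twitter", "tw-1001"); // constructed sample ids
        links.connect("alice", "facebook", "fb-77");  // a second provider is allowed
        try {
            links.connect("bob", "twitter", "tw-1001"); // same Twitter account, second local user
        } catch (IllegalStateException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        System.out.println(links.findLocalUser("twitter", "tw-1001"));
    }
}
```

Checking both directions matters for sign-in: if one social account could map to two local accounts, a social login would no longer identify a single local user.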

I plan to go over the demo application in more detail in a future post when I have more time. In the meantime, I will try to respond to questions or comments.